sba ent bn lanconfigurationguide-august2011

Upload: ronald-mejia

Post on 06-Apr-2018


  • 8/3/2019 SBA Ent BN LANConfigurationGuide-August2011


    LAN Configuration Guide

    August 2011 Series


    Preface

    This guide is a Cisco Smart Business Architecture (SBA) guide.

    Who Should Read This Guide

    This guide is written for people who fill a variety of roles:

    Systems engineers who need standard procedures for implementing solutions

    Project managers who need reference material for creating statements of work for Cisco SBA implementations

    Sales partners who want help with selling new technology or who create their own implementation documentation

    Trainers who need material for classroom instruction or on-the-job training

    In general, you can also use Cisco SBA guides to improve consistency

    among engineers, among deployments, and to improve scoping and costing

    of deployment jobs.

    Release Series

    Cisco updates and enhances SBA guides twice a year. Before we release

    a series of Cisco SBA guides, we test them together in the SBA lab, as a

    complete system. To ensure the mutual compatibility of designs in Cisco

    SBA guides, you should use guides that belong to the same SBA series.

    All Cisco SBA guides include the series name on the cover and at the bottom

    left of each page. The series are named as follows:

    February year Series

    August year Series

    where year indicates the calendar year of the series.

    You can find the most recent series of Cisco SBA guides at the following sites:

    Customer access: http://www.cisco.com/go/sba

    Partner access: http://www.cisco.com/go/sbachannel

    How to Read Commands

    Many Cisco SBA guides provide specific details about how to configure

    Cisco network devices that run Cisco IOS, Cisco NX-OS, or other operating

    systems that you configure at a command-line interface (CLI). This section

    describes the conventions used to specify commands that you must enter.

    Commands to enter at a CLI appear as follows:

    configure terminal

    Commands that specify a value for a variable appear as follows:

    ntp server 10.10.48.17

    Commands with variables that you must define appear as follows:

    class-map [highest class name]

    Commands shown in an interactive example, such as a script or when the

    command prompt is included, appear as follows:

    Router# enable

    Long commands that line wrap are underlined. Enter them as one command:

    wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100

    Comments and Questions

    If you would like to comment on a Cisco SBA guide or ask questions, please

    use the forum at the bottom of one of the following sites:

    Customer access: http://www.cisco.com/go/sba

    Partner access: http://www.cisco.com/go/sbachannel

    An RSS feed is available if you would like to be notified when new comments

    are posted.


    ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERS

    DISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF

    DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION,

    LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH

    DAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICAL

    OR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARY

    DEPENDING ON FACTORS NOT TESTED BY CISCO.

    Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes

    only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

    © 2011 Cisco Systems, Inc. All rights reserved.

    Table of Contents

    What's In This SBA Guide
        About SBA
        About This Guide
        Route to Success

    Introduction
        Graphical Interface Management

    Enterprise Organizations Deployment Product List

    Access Layer Configurations
        Catalyst 3750-X Series Switch
        Catalyst 4500+E Series Switch

    Distribution Layer Configurations
        Catalyst 3750X-12S Switch
        Catalyst 4507R+E Switch
        Catalyst Virtual Switching System 4T

    Core Layer Configurations
        Catalyst 6500 Series Switch

    What's In This SBA Guide

    About SBA

    Cisco SBA helps you design and quickly deploy a full-service business

    network. A Cisco SBA deployment is prescriptive, out-of-the-box, scalable,

    and flexible.

    Cisco SBA incorporates LAN, WAN, wireless, security, data center, application

    optimization, and unified communication technologies, tested

    together as a complete system. This component-level approach simplifies

    system integration of multiple technologies, allowing you to select solutions

    that solve your organization's problems without worrying about the

    technical complexity.

    About This Guide

    This guide is a configuration files guide. It provides, as a comprehensive

    reference, the complete network device configurations that are implemented

    in a Cisco SBA deployment guide.

    This guide provides the configuration files for the deployment guide that it

    follows on the Route to Success, shown below.

    [Figure: Route to Success (ENT BN), left to right: Design Overview, LAN Deployment Guide, LAN Configuration Files Guide (you are here), Additional Deployment Guides]

    Route to Success

    To ensure your success when implementing the designs in this guide, you

    should read any guides that this guide depends upon, shown to the left

    of this guide on the route above. Any guides that depend upon this guide

    are shown to the right of this guide.

    For customer access to all guides: http://www.cisco.com/go/sba

    For partner access: http://www.cisco.com/go/sbachannel


    Introduction

    For Cisco partners and customers with 2000 to 10,000 connected users, we

    have created an out-of-the-box deployment that is simple, fast, affordable,

    scalable, and flexible. We have designed it to be easy: easy to configure,

    deploy, and manage.

    The simplicity of this deployment, though, belies the depth and breadth of

    the architecture. Based on feedback from many customers and partners,

    Cisco has developed a solid network foundation with a flexible platform

    that does not require re-engineering to support additional Network or User

    services.

    The Smart Business Architecture (SBA) Borderless Networks (BN) for

    Enterprise Organizations architecture is comprised of a single Design Guide,

    and Deployment guides and Configuration guides for each of the three

    sections: LAN, WAN, and Internet Edge.

    The SBA BN for Enterprise Organizations Deployment Guide is a prescriptive

    reference design that provides step-by-step instructions for the deployment

    of the products in the design. It is based on Enterprise best practice

    principles. Based on feedback from customers and partners, Cisco has

    developed a solid network foundation as a flexible platform that does not

    require reengineering to include additional Network or User services.

    Figure 1 Smart Business Architecture Model

    [Figure: three layers. User Services: Voice, Video, Web Meetings. Network Services: Security, WAN Optimization, Guest Access. Network Foundation: Routing, Switching, Wireless, and Internet.]

    This deployment guide has been architected to make your life a little bit,

    maybe even a lot, smoother. This architecture:

    Provides a solid foundation

    Makes deployment fast and easy

    Accelerates ability to easily deploy additional services

    Avoids the need for re-engineering of the core network

    Graphical Interface Management

    There are products in this design where we have omitted the configuration

    file. Those products have browser-based graphical configuration tools.

    Please refer to the companion Smart Business Architecture Borderless

    Networks for Enterprise Organizations LAN Deployment Guide at https://www.cisco.com/go/sba for step-by-step instructions on configuring those

    products.


    Figure 2 Smart Business Architecture Borderless Networks for Enterprise Organizations

    [Figure: network diagram. Labels in the diagram: Campus (Building 1 to Building 4), Local Area Network, client access switches, distribution switches, core switches, collapsed distribution/core switches, wireless LAN controllers, WAN aggregation, Internet edge, Internet edge routers, firewall/VPN, remote access VPN, web security appliance, email security appliance, guest WLAN, Internet servers, data center, application acceleration, regional office, regional router, remote sites with branch router, access switch and wireless access point, teleworker/mobile worker.]


    Enterprise Organizations Deployment Product List

    Functional Area: Access Layer for PC, phones, APs, other devices
    Product: Catalyst 2960S, Stackable Ethernet 10/100/1000 port with PoE+ and Stack Module
    Part Numbers:
        WS-C2960S-24PD-L: Catalyst 2960S 24 GigE PoE+, 2 x 10G SFP+ LAN Base
        WS-C2960S-48FPD-L: Catalyst 2960S 48 GigE PoE+, 2 x 10G SFP+ LAN Base
        WS-C2960S-24PS-L: Catalyst 2960S 24 GigE PoE+, 4 x SFP LAN Base
        WS-C2960S-48FPS-L: Catalyst 2960S 48 GigE PoE+, 4 x SFP LAN Base
        C2960S-STACK=: Catalyst 2960S Flexstack Stack Module
    Software Version: 12.2(58)SE1

    Functional Area: Access Layer for PC, phones, APs, other devices
    Product: Catalyst 3560X, Ethernet 10/100/1000 ports with PoE+ and Uplink Module
    Part Numbers:
        WS-C3560X-24P-S: Catalyst 3750 24 10/100/1000T PoE+ and IPB Image
        WS-C3560X-48PF-S: Catalyst 3750 48 10/100/1000T Full PoE+ and IPB Image
        C3KX-NM-1G: Catalyst 3750X 1Gig SFP Uplink Module
        C3KX-NM-10G: Catalyst 3750X 10Gig SFP+ Uplink Module
    Software Version: 12.2(58)SE1

    Functional Area: Access Layer for PC, phones, APs, other devices
    Product: Catalyst 3750X, Stackable Ethernet 10/100/1000 ports with PoE+ and Uplink Module
    Part Numbers:
        WS-C3750X-24P-S: Catalyst 3750 24 10/100/1000T PoE+ and IPB Image
        WS-C3750X-48PF-S: Catalyst 3750 48 10/100/1000T Full PoE+ and IPB Image
        C3KX-NM-1G: Catalyst 3750X 1Gig SFP Uplink Module
        C3KX-NM-10G: Catalyst 3750X 10Gig SFP+ Uplink Module
    Software Version: 12.2(58)SE1

    Functional Area: Access Layer for PC, phones, APs, other devices
    Product: Catalyst 4507R+E, Dual Supervisors, Dual Power Supplies
    Part Numbers:
        WS-C4507R+E: Catalyst 4500 E-Series 7-Slot Chassis with 48Gbps per Slot
        WS-X45-SUP6L-E: Catalyst 4500 E-Series Sup 6L-E, 2x10GE(X2) with Twin Gig
        WS-X4648-RJ45V+E: 4500 E-Series 48-Port PoE+ Ready 10/100/1000(RJ45)
    Software Version: 12.2(54)SG1

    Functional Area: Distribution Layer
    Product: Catalyst 3750X, Stackable 12 Port SFP
    Part Numbers:
        WS-C3750X-12S-E: Catalyst 3750X 12 SFP + IP Services Image
    Software Version: 12.2(58)SE1

    Functional Area: Distribution Layer
    Product: Catalyst 4507R+E, Dual Supervisors, Dual Power Supplies
    Part Numbers:
        WS-C4507R+E: Catalyst 4500 E-Series 7-Slot Chassis with 48Gbps per Slot
        WS-X45-SUP7-E: Catalyst 4500 E-Series Supervisor, 848Gbps
        WS-X4624-SFP-E: Catalyst 4500 E-Series 24-Port GE (SFP)
        WS-X4712-SFP+E: Catalyst 4500 E-Series 12-Port 10GbE (SFP+)
    Software Version: IOS XE 3.3.1, 15.0(1)XO1

    Functional Area: Distribution Layer
    Product: Catalyst 6500 VSS
    Part Numbers:
        WS-C6506-E: Catalyst 6500 E-Series 6-Slot Chassis
        VS-S2T-10G: Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE
        WS-X6724-SFP: Catalyst 6500 24-port GigE Mod (SFP)
        WS-X6816-10G-2T: Catalyst 6500 16 port 10 Gigabit Ethernet w/ DFC4
    Software Version: 12.2(50)SY with the IP Services Feature Set

    Functional Area: Core Layer
    Product: Catalyst 6500
    Part Numbers:
        WS-C6506-E: Catalyst 6500 E-Series 6-Slot Chassis
        VS-S2T-10G: Catalyst 6500 VSS Supervisor 2T with 2 ports 10GbE
        WS-X6724-SFP: Catalyst 6500 24-port GigE Mod (SFP)
        WS-X6908-10G-2T: Catalyst 6500 8 port 10 Gigabit Ethernet w/ DFC4
    Software Version: 12.2(50)SY with the IP Services Feature Set

    Functional Area: Wireless LAN
    Product: 5508 Wireless LAN Controller
    Part Numbers:
        AIR-CT5508-100-K9: 5508 Wireless LAN Controller with 100 AP license
    Software Version: 7.0.116.0

    Functional Area: Wireless LAN
    Product: Flex 7500 Wireless LAN Controller
    Part Numbers:
        AIR-CT7510-1K-K9: 7500 Wireless LAN Controller with 1000 AP license
    Software Version: 7.0.116.0

    Functional Area: Wireless LAN
    Product: 1142 Wireless AP
    Part Numbers:
        AIR-LAP1142N-A-K9: 802.11a/g/n Fixed Unified AP
    Software Version: 7.0.116.0

    Functional Area: Wireless LAN
    Product: 1162 Wireless AP
    Part Numbers:
        AIR-LAP1162N-A-K9: 802.11a/g/n Unified AP with External Antenna
    Software Version: 7.0.116.0

    Access Layer Configurations

    version 12.2

    no service pad

    service timestamps debug datetime msec localtime

    service timestamps log datetime msec localtime

    service password-encryption

    !

    hostname A2960S

    !

    boot-start-marker

    boot-end-marker

    !

    enable secret 5 ********

    !

    username admin password 7 ********

    !

    macro name AccessEdgeQoS

    auto qos voip cisco-phone

    @

    macro name EgressQoS

    mls qos trust dscp

    queue-set 2

    srr-queue bandwidth share 1 30 35 5

    priority-queue out

    @

    !

    aaa new-model

    !

    !

    aaa authentication login default group tacacs+ local

    aaa authorization console

    aaa authorization exec default group tacacs+ local

    !

    !

    !

    aaa session-id common

    clock timezone PST -8

    clock summer-time PDT recurring

    switch 1 provision ws-c2960s-24pd-l

    switch 2 provision ws-c2960s-24pd-l

    switch 3 provision ws-c2960s-24pd-l

    stack-mac persistent timer 0

    !

    !

    ip dhcp snooping vlan 180-181

    no ip dhcp snooping information option

    ip dhcp snooping

    ip domain-name cisco.local

    ip arp inspection vlan 180-181

    vtp mode transparent

    udld enable

    !

    mls qos map policed-dscp 0 10 18 to 8

    mls qos map cos-dscp 0 8 16 24 32 46 48 56

    mls qos srr-queue output cos-map queue 1 threshold 3 4 5

    mls qos srr-queue output cos-map queue 2 threshold 1 2

    mls qos srr-queue output cos-map queue 2 threshold 2 3

    mls qos srr-queue output cos-map queue 2 threshold 3 6 7

    mls qos srr-queue output cos-map queue 3 threshold 3 0

    mls qos srr-queue output cos-map queue 4 threshold 3 1

    mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45

    mls qos srr-queue output dscp-map queue 1 threshold 3 46 47

    mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

    mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35

    mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39

    mls qos srr-queue output dscp-map queue 2 threshold 2 24

    mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

    mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

    mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7

    mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15

    mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

    mls qos queue-set output 1 threshold 1 100 100 50 200

    mls qos queue-set output 1 threshold 2 125 125 100 400

    mls qos queue-set output 1 threshold 3 100 100 100 400

    mls qos queue-set output 1 threshold 4 60 150 50 200

    mls qos queue-set output 1 buffers 15 25 40 20

    mls qos

    !

    crypto pki trustpoint TP-self-signed-372592256

    enrollment selfsigned

    subject-name cn=IOS-Self-Signed-Certificate-372592256

    revocation-check none


    rsakeypair TP-self-signed-372592256

    !

    !

    crypto pki certificate chain TP-self-signed-372592256

    certificate self-signed 01


    quit

    !

    spanning-tree mode rapid-pvst

    spanning-tree extend system-id

    auto qos srnd4

    !

    !

    !

    port-channel load-balance src-dst-ip

    !

    vlan internal allocation policy ascending

    !

    vlan 180

    name A2960Sdata

    !

    vlan 181

    name A2960Svoice

    !

    vlan 195

    name MgmtVLAN

    !

    vlan 999

    name antiVLANhopping

    !

    ip ssh version 2

    !

    class-map match-all AUTOQOS_VOIP_DATA_CLASS

    match ip dscp ef

    class-map match-all AUTOQOS_DEFAULT_CLASS

    match access-group name AUTOQOS-ACL-DEFAULT

    class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS

    match ip dscp cs3

    !

    !

    policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY

    class AUTOQOS_VOIP_DATA_CLASS

    set dscp ef

    police 128000 8000 exceed-action policed-dscp-transmit

    class AUTOQOS_VOIP_SIGNAL_CLASS

    set dscp cs3

    police 32000 8000 exceed-action policed-dscp-transmit

    class AUTOQOS_DEFAULT_CLASS

    set dscp default

    police 10000000 8000 exceed-action policed-dscp-transmit

    !

    !

    !

    interface Port-channel1

    description D3750X Po 1

    switchport trunk native vlan 999

    switchport trunk allowed vlan 180,181,195

    switchport mode trunk

    ip arp inspection trust

    logging event trunk-status

    logging event bundle-status

    ip dhcp snooping trust

    !

    interface FastEthernet0

    no ip address

    shutdown

    !

    interface GigabitEthernet1/0/1

    switchport access vlan 180

    switchport mode access

    switchport voice vlan 181

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity


    ip arp inspection limit rate 100

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust device cisco-phone

    mls qos trust cos

    macro description AccessEdgeQoS

    auto qos voip cisco-phone

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

    ip verify source

    ip dhcp snooping limit rate 100

    !

    interface GigabitEthernet1/0/2

    switchport access vlan 180

    switchport mode access

    switchport voice vlan 181

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust device cisco-phone

    mls qos trust cos

    macro description AccessEdgeQoS

    auto qos voip cisco-phone

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

    ip verify source

    ip dhcp snooping limit rate 100

    !

    ! **********************************************************************

    ! Interface GigabitEthernet 1/0/3 - 3/0/24 are all configured the same

    ! as 1/0/1 and 1/0/2 and have been removed for conciseness

    ! **********************************************************************

    !

    interface GigabitEthernet1/0/25

    description D3750X Gig 3/0/1

    switchport trunk native vlan 999

    switchport trunk allowed vlan 180,181,195

    switchport mode trunk

    ip arp inspection trust

    logging event trunk-status

    logging event bundle-status

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    ip dhcp snooping trust

    !

    interface GigabitEthernet2/0/24

    description *** Wireless AP ***

    switchport access vlan 180

    switchport mode access

    switchport voice vlan 181

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description AccessEdgeQoS

    auto qos trust dscp

    spanning-tree portfast

    spanning-tree bpduguard enable

    ip verify source

    ip dhcp snooping limit rate 100

    !

    interface GigabitEthernet3/0/25

    description D3750X Gig 1/0/1

    switchport trunk native vlan 999

    switchport trunk allowed vlan 180,181,195

    switchport mode trunk

    ip arp inspection trust

    logging event trunk-status

    logging event bundle-status

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS


    channel-protocol lacp

    channel-group 1 mode active

    ip dhcp snooping trust

    !

    interface GigabitEthernet3/0/26

    !

    interface TenGigabitEthernet3/0/1

    !

    interface TenGigabitEthernet3/0/2

    !

    interface Vlan1

    no ip address

    shutdown

    !

    interface Vlan195

    description In-band management

    ip address 10.4.95.2 255.255.255.0

    !

    ip default-gateway 10.4.95.1

    no ip http server

    ip http authentication aaa

    ip http secure-server

    !

    ip access-list extended AUTOQOS-ACL-DEFAULT

    permit ip any any

    ip sla enable reaction-alerts

    snmp-server community ******** RO

    snmp-server community ******** RW

    tacacs-server host 10.4.48.15 key 7 142417081E013E002131

    tacacs-server directed-request

    !

    line con 0

    line vty 0 4

    exec-timeout 0 0

    transport input ssh

    line vty 5 15

    exec-timeout 0 0

    transport input ssh

    !

    ntp clock-period 22519093

    ntp server 10.4.48.17

    end
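
A drift check for the access-edge template in the listing above, added here as an example and not part of the Cisco guide: it parses an IOS configuration and reports access ports that lack the port security, BPDU guard, IP source guard and DHCP/ARP rate limits the listing applies to every access port, trunks left on native VLAN 1 or without an allowed-VLAN list, and two management-plane settings visible in the listing (type 7 secrets and exec-timeout 0 0). The function names, the check list and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of the A2960S listing: a compliant access
# port, a drifted access port, an uplink trunk and a vty line.
SAMPLE_CONFIG = """\
username admin password 7 ********
ip dhcp snooping vlan 180-181
ip dhcp snooping
ip arp inspection vlan 180-181
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 ip arp inspection limit rate 100
 spanning-tree bpduguard enable
 ip verify source
 ip dhcp snooping limit rate 100
!
interface GigabitEthernet1/0/7
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
 switchport trunk native vlan 999
 switchport trunk allowed vlan 180,181,195
 switchport mode trunk
 ip dhcp snooping trust
!
line vty 0 4
 exec-timeout 0 0
 transport input ssh
!
"""

# Global features the per-port commands depend on.
GLOBAL_REQUIRED = {
    "DHCP snooping": r"ip dhcp snooping$",
    "dynamic ARP inspection": r"ip arp inspection vlan \S+$",
}
# Per-port protections carried by every access port in the listing.
ACCESS_REQUIRED = {
    "port security": r"switchport port-security$",
    "BPDU guard": r"spanning-tree bpduguard enable$",
    "IP source guard": r"ip verify source$",
    "DAI rate limit": r"ip arp inspection limit rate \d+$",
    "DHCP snooping rate limit": r"ip dhcp snooping limit rate \d+$",
}
TRUST = r"ip (arp inspection|dhcp snooping) trust$"


def parse_sections(config):
    """Split a config into global lines and 'interface'/'line' sections.

    A section ends at a '!' separator or at the next section header, so the
    parser works with or without the usual one-space indentation."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("!", "end"):
            current = None
        elif line.startswith(("interface ", "line ")):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, sections


def has(lines, pattern):
    return any(re.match(pattern, line) for line in lines)


def audit(config):
    """Return a list of (scope, finding) tuples for one configuration."""
    global_lines, sections = parse_sections(config)
    findings = [("global", f"{name} not enabled")
                for name, pat in GLOBAL_REQUIRED.items()
                if not has(global_lines, pat)]
    for line in global_lines:
        # Type 7 is reversible obfuscation; report the command, not the value.
        if re.search(r"\b(password|key) 7 ", line):
            findings.append(("global", "type 7 (reversible) secret: "
                             + line.split(" 7 ")[0]))
    for header, body in sections.items():
        if has(body, r"switchport mode access$"):
            findings += [(header, f"missing {name}")
                         for name, pat in ACCESS_REQUIRED.items()
                         if not has(body, pat)]
            if has(body, TRUST):
                findings.append((header, "access port is trusted for DHCP/ARP"))
        elif has(body, r"switchport mode trunk$"):
            native = [l.split()[-1] for l in body
                      if l.startswith("switchport trunk native vlan ")]
            if native in ([], ["1"]):
                findings.append((header, "native VLAN left at 1"))
            if not has(body, r"switchport trunk allowed vlan "):
                findings.append((header, "no allowed-VLAN list"))
        elif header.startswith("line ") and has(body, r"exec-timeout 0 0$"):
            findings.append((header, "idle timeout disabled"))
    return findings
```

Interfaces with no `switchport mode` line, such as the unconfigured uplinks in the listing, are skipped rather than reported.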

    Catalyst 3750-X Series Switch

    version 12.2

    no service pad

    service timestamps debug datetime msec localtime

    service timestamps log datetime msec localtime

    service password-encryption

    !

    hostname A3750X

    !

    boot-start-marker

    boot-end-marker

    !

    enable secret 5 ********

    !

    username admin password 7 ********

    !

    macro name AccessEdgeQoS

    auto qos voip cisco-phone

    @

    macro name EgressQoS

    mls qos trust dscp

    queue-set 2

    srr-queue bandwidth share 1 30 35 5

    priority-queue out

    @

    !

    aaa new-model

    !

    !

    aaa authentication login default group tacacs+ local

    aaa authorization console

    aaa authorization exec default group tacacs+ local

    !

    !

    !

    aaa session-id common

    clock timezone PST -8

    clock summer-time PDT recurring

    switch 1 provision ws-c3750x-48p

    switch 2 provision ws-c3750x-48p

    switch 3 provision ws-c3750x-48p

    stack-mac persistent timer 0

    system mtu routing 1500

    !

    !

    ip dhcp snooping vlan 164-165

    no ip dhcp snooping information option

    ip dhcp snooping


    ip domain-name cisco.local

    ip arp inspection vlan 164-165

    vtp mode transparent

    udld enable

    !

    mls qos map policed-dscp 0 10 18 to 8

    mls qos map cos-dscp 0 8 16 24 32 46 48 56

    mls qos srr-queue input bandwidth 70 30

    mls qos srr-queue input threshold 1 80 90

    mls qos srr-queue input priority-queue 2 bandwidth 30

    mls qos srr-queue input cos-map queue 1 threshold 2 3

    mls qos srr-queue input cos-map queue 1 threshold 3 6 7

    mls qos srr-queue input cos-map queue 2 threshold 1 4

    mls qos srr-queue input dscp-map queue 1 threshold 2 24

    mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55

    mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63

    mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45

    mls qos srr-queue input dscp-map queue 2 threshold 3 46 47

    mls qos srr-queue output cos-map queue 1 threshold 3 4 5

    mls qos srr-queue output cos-map queue 2 threshold 1 2

    mls qos srr-queue output cos-map queue 2 threshold 2 3

    mls qos srr-queue output cos-map queue 2 threshold 3 6 7

    mls qos srr-queue output cos-map queue 3 threshold 3 0

    mls qos srr-queue output cos-map queue 4 threshold 3 1

    mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45

    mls qos srr-queue output dscp-map queue 1 threshold 3 46 47

    mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

    mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35

    mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39

    mls qos srr-queue output dscp-map queue 2 threshold 2 24

    mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

    mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

    mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7

    mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15

    mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

    mls qos queue-set output 1 threshold 1 100 100 50 200

    mls qos queue-set output 1 threshold 2 125 125 100 400

    mls qos queue-set output 1 threshold 3 100 100 100 400

    mls qos queue-set output 1 threshold 4 60 150 50 200

    mls qos queue-set output 1 buffers 15 25 40 20

    mls qos

    !

    crypto pki trustpoint TP-self-signed-4072213248

    enrollment selfsigned

    subject-name cn=IOS-Self-Signed-Certificate-4072213248

    revocation-check none

    rsakeypair TP-self-signed-4072213248

    !

    !

    crypto pki certificate chain TP-self-signed-4072213248

    certificate self-signed 01


    quit

    !

    spanning-tree mode rapid-pvst

    spanning-tree extend system-id

    auto qos srnd4

    !

    !

    !

    port-channel load-balance src-dst-ip

    !

    vlan internal allocation policy ascending

    !

    vlan 164

    name A3750Xdata

    !

    vlan 165

    name A3750Xvoice

    !

    vlan 179

    name MgmtVLAN

    !

    vlan 999

    name antiVLANhopping

    !

    ip ssh version 2

    !

    class-map match-all AUTOQOS_VOIP_DATA_CLASS

    match ip dscp ef

    class-map match-all AUTOQOS_DEFAULT_CLASS

    match access-group name AUTOQOS-ACL-DEFAULT

    class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS

    match ip dscp cs3

    !

    !

    policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY

    class AUTOQOS_VOIP_DATA_CLASS

    set dscp ef

    police 128000 8000 exceed-action policed-dscp-transmit

    class AUTOQOS_VOIP_SIGNAL_CLASS

    set dscp cs3

    police 32000 8000 exceed-action policed-dscp-transmit

    class AUTOQOS_DEFAULT_CLASS

    set dscp default

    police 10000000 8000 exceed-action policed-dscp-transmit

    !

    !

    !

    interface Port-channel1

    switchport trunk encapsulation dot1q

    switchport trunk native vlan 999

    switchport trunk allowed vlan 164,165,179

    switchport mode trunk

    ip arp inspection trust

    logging event trunk-status

    logging event bundle-status

    ip dhcp snooping trust

    !

    interface FastEthernet0

    no ip address

    !

    interface GigabitEthernet1/0/1

    switchport access vlan 164

    switchport mode access

    switchport voice vlan 165

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust device cisco-phone

    mls qos trust cos

    macro description AccessEdgeQoS

    auto qos voip cisco-phone

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

    ip verify source

    ip dhcp snooping limit rate 100

    !

    interface GigabitEthernet1/0/2

    switchport access vlan 164

    switchport mode access

    switchport voice vlan 165

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust device cisco-phone

    mls qos trust cos

    macro description AccessEdgeQoS

    auto qos voip cisco-phone

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY

    ip verify source

    ip dhcp snooping limit rate 100

    !

    ! **********************************************************************

    ! Interface GigabitEthernet 1/0/3 - 2/0/48 are all configured the same

    ! as 1/0/1 and 1/0/2 and have been removed for conciseness

    ! **********************************************************************

    !

    interface GigabitEthernet1/1/1

    !

    interface GigabitEthernet1/1/2

    !

    interface GigabitEthernet1/1/3

    !

    interface GigabitEthernet1/1/4

    !

    interface TenGigabitEthernet1/1/1

    switchport trunk encapsulation dot1q

    switchport trunk native vlan 999

    switchport trunk allowed vlan 164,165,179

    switchport mode trunk

    ip arp inspection trust

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    ip dhcp snooping trust

    !

    interface TenGigabitEthernet1/1/2

    !

    interface GigabitEthernet2/0/24

    description *** Wireless AP ***

    switchport access vlan 164

    switchport mode access

    switchport voice vlan 165

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description AccessEdgeQoS

    auto qos trust dscp

    spanning-tree portfast

    spanning-tree bpduguard enable

    ip verify source

    ip dhcp snooping limit rate 100

    !

    interface GigabitEthernet2/1/1

    !

    interface GigabitEthernet2/1/2

    !

    interface GigabitEthernet2/1/3

    !

    interface GigabitEthernet2/1/4

    !

    interface TenGigabitEthernet2/1/1

    !

    interface TenGigabitEthernet2/1/2

    !

    interface GigabitEthernet3/1/1

    !

    interface GigabitEthernet3/1/2

    !

    interface GigabitEthernet3/1/3

    !

    interface GigabitEthernet3/1/4

    !

    interface TenGigabitEthernet3/1/1

    switchport trunk encapsulation dot1q

    switchport trunk native vlan 999

    switchport trunk allowed vlan 164,165,179

    switchport mode trunk

    ip arp inspection trust

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    ip dhcp snooping trust

    !

    interface TenGigabitEthernet3/1/2

    !

    interface Vlan1

    no ip address

    !

    interface Vlan179

    ip address 10.4.79.2 255.255.255.128

    !

    ip default-gateway 10.4.79.1

    ip classless

    no ip http server

    ip http authentication aaa

    ip http secure-server

    !

    ip access-list extended AUTOQOS-ACL-DEFAULT

    permit ip any any

    !

    ip sla enable reaction-alerts

    snmp-server community ******** RO

    snmp-server community ******** RW

    tacacs-server host 10.4.48.15 key 7 073C244F5C0C0D2E120B

    tacacs-server directed-request

    !

    !

    line con 0

    line vty 0 4

    transport input ssh

    line vty 5 15

    transport input ssh

    !

    ntp clock-period 36028000

    ntp server 10.4.48.17

    end

    Catalyst 4500+E Series Switch

    version 12.2

    no service pad

    service timestamps debug datetime msec localtime

    service timestamps log datetime msec localtime

    service password-encryption

    service compress-config

    !

    hostname A4507R

    !

    boot-start-marker

    boot system bootflash:/cat4500e-ipbasek9-mz.122-54.SG1.bin

    boot-end-marker

    !

    enable secret 5 ********

    !

    username admin password 7 ********

    !

    macro name AccessEdgeQoS

    qos trust device cisco-phone

    service-policy input CISCOPHONE-POLICY

    service-policy output 1P7Q1T

    @

    macro name EgressQoS

    service-policy output 1P7Q1T

    @

    !

    aaa new-model

    !

    !

    aaa authentication login default group tacacs+ local

    aaa authorization console

    aaa authorization exec default group tacacs+ local

    !

    !

    !

    aaa session-id common

    clock timezone PST -8

    clock summer-time PDT recurring

    udld enable

    ip subnet-zero

    ip arp inspection vlan 100-101

    ip domain-name cisco.local

    !

    !

    ip dhcp snooping vlan 100-101

    no ip dhcp snooping information option

    ip dhcp snooping

    ip vrf mgmtVrf

    !

    vtp mode transparent

    !

    !

    crypto pki trustpoint TP-self-signed-122739

    enrollment selfsigned

    subject-name cn=IOS-Self-Signed-Certificate-122739

    revocation-check none

    rsakeypair TP-self-signed-122739

    !

    !

    crypto pki certificate chain TP-self-signed-122739

    certificate self-signed 01

    quit

    power redundancy-mode redundant

    !

    !

    !

    !

    spanning-tree mode rapid-pvst

    spanning-tree extend system-id

    !

    redundancy

    mode sso

    !

    vlan internal allocation policy ascending

    !

    vlan 100

    name A4500data

    !

    vlan 101

    name A4500voice

    !

    vlan 115

    name MgmtVLAN

    !

    vlan 999

    name antiVLANhopping

    !

    ip ssh version 2

    !

    class-map match-any MULTIMEDIA-STREAMING-QUEUE

    match dscp af31 af32 af33

    class-map match-any CONTROL-MGMT-QUEUE

    match dscp cs7

    match dscp cs6

    match dscp cs3

    match dscp cs2

    class-map match-any TRANSACTIONAL-DATA-QUEUE

    match dscp af21 af22 af23

    class-map match-any SCAVENGER-QUEUE

    match dscp cs1

    class-map match-any MULTIMEDIA-CONFERENCING-QUEUE

    match dscp af41 af42 af43

    class-map match-any VOIP_SIGNAL_CLASS

    match cos 3

    class-map match-any BULK-DATA-QUEUE

    match dscp af11 af12 af13

    class-map match-any VOIP_DATA_CLASS

    match cos 5

    class-map match-any PRIORITY-QUEUE

    match dscp ef

    match dscp cs5

    match dscp cs4

    !

    policy-map CISCOPHONE-POLICY

    class VOIP_DATA_CLASS

    set dscp ef

    police cir 128000 bc 8000

    conform-action transmit

    exceed-action drop

    class VOIP_SIGNAL_CLASS

    set dscp cs3

    police cir 32000 bc 8000

    conform-action transmit

    exceed-action drop

    class class-default

    set dscp default

    police cir 10000000 bc 8000

    conform-action transmit

    exceed-action set-dscp-transmit cs1

    policy-map 1P7Q1T

    class PRIORITY-QUEUE

    priority

    class CONTROL-MGMT-QUEUE

    bandwidth remaining percent 10

    class MULTIMEDIA-CONFERENCING-QUEUE

    bandwidth remaining percent 10

    class MULTIMEDIA-STREAMING-QUEUE

    bandwidth remaining percent 10

    class TRANSACTIONAL-DATA-QUEUE

    bandwidth remaining percent 10

    dbl

    class BULK-DATA-QUEUE

    bandwidth remaining percent 4

    dbl

    class SCAVENGER-QUEUE

    bandwidth remaining percent 1

    class class-default

    bandwidth remaining percent 25

    dbl

    !

    !

    !

    interface Port-channel1

    switchport

    switchport trunk native vlan 999

    switchport trunk allowed vlan 100,101,115

    switchport mode trunk

    ip arp inspection trust

    logging event link-status

    logging event trunk-status

    ip dhcp snooping trust

    !

    interface FastEthernet1

    ip vrf forwarding mgmtVrf

    no ip address

    speed auto

    duplex auto

    !

    interface GigabitEthernet1/1

    switchport access vlan 100

    switchport mode access

    switchport voice vlan 101

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    qos trust device cisco-phone

    macro description AccessEdgeQoS

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy input CISCOPHONE-POLICY

    service-policy output 1P7Q1T

    ip verify source vlan dhcp-snooping

    ip dhcp snooping limit rate 100

    !

    interface GigabitEthernet1/2

    switchport access vlan 100

    switchport mode access

    switchport voice vlan 101

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    qos trust device cisco-phone

    macro description AccessEdgeQoS

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy input CISCOPHONE-POLICY

    service-policy output 1P7Q1T

    ip verify source vlan dhcp-snooping

    ip dhcp snooping limit rate 100

    !

    ! **********************************************************************

    ! Interface GigabitEthernet 1/3 - 2/48 are all configured the same as

    ! 1/1 and 1/2 and have been removed for conciseness

    ! **********************************************************************

    !

    interface GigabitEthernet2/24

    description *** Wireless AP ***

    switchport access vlan 100

    switchport mode access

    switchport voice vlan 101

    switchport port-security maximum 11

    switchport port-security

    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    ip arp inspection limit rate 100

    macro description EgressQoS

    spanning-tree portfast

    spanning-tree bpduguard enable

    service-policy output 1P7Q1T

    ip verify source vlan dhcp-snooping

    ip dhcp snooping limit rate 100

    !

    interface TenGigabitEthernet3/1

    description to D6500VSS

    switchport trunk native vlan 999

    switchport trunk allowed vlan 100,101,115

    switchport mode trunk

    ip arp inspection trust

    logging event link-status

    logging event trunk-status

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    service-policy output 1P7Q1T

    ip dhcp snooping trust

    !

    interface TenGigabitEthernet3/2

    !

    interface GigabitEthernet3/3

    !

    interface GigabitEthernet3/4

    !

    interface GigabitEthernet3/5

    !

    interface GigabitEthernet3/6

    !

    interface TenGigabitEthernet4/1

    description to D6500VSS

    switchport trunk native vlan 999

    switchport trunk allowed vlan 100,101,115

    switchport mode trunk

    ip arp inspection trust

    logging event link-status

    logging event trunk-status

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    service-policy output 1P7Q1T

    ip dhcp snooping trust

    !

    interface TenGigabitEthernet4/2

    !

    interface GigabitEthernet4/3

    !

    interface GigabitEthernet4/4

    !

    interface GigabitEthernet4/5

    !

    interface GigabitEthernet4/6

    !

    interface Vlan1

    no ip address

    !

    interface Vlan115

    ip address 10.4.15.2 255.255.255.128

    !

    ip route 0.0.0.0 0.0.0.0 10.4.15.1

    no ip http server

    ip http authentication aaa

    ip http secure-server

    !

    !

    !

    snmp-server community ******** RO

    snmp-server community ******** RW

    tacacs-server host 10.4.48.15 key 7 142417081E013E002131

    tacacs-server directed-request

    !

    line con 0

    stopbits 1

    line vty 0 4

    transport input ssh

    line vty 5 15

    transport input ssh

    !

    ntp clock-period 17180161

    ntp update-calendar

    ntp server 10.4.48.17

    end
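
    The access-layer configurations above repeat one hardening baseline on every edge port (port security, BPDU guard, DHCP snooping and ARP inspection rate limits, IP source guard) and put trunks on native VLAN 999 with an explicit allowed-VLAN list. The following Python check is an added example, not part of the Cisco guide: it audits interface stanzas against that baseline, which is inferred here from the listed configurations. The function names and the sample text, including the weakened ports Gi1/0/9 and Gi1/0/10, are constructed for illustration.

```python
import re

# Constructed sample: stanzas abridged from the access-layer configurations
# above; Gi1/0/9 and Gi1/0/10 are weakened ports added for the demo.
SAMPLE_CONFIG = """\
interface Port-channel1
 switchport trunk native vlan 999
 switchport trunk allowed vlan 164,165,179
 switchport mode trunk
 ip arp inspection trust
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security maximum 11
 switchport port-security
 ip arp inspection limit rate 100
 spanning-tree bpduguard enable
 ip verify source
 ip dhcp snooping limit rate 100
!
interface GigabitEthernet1/0/9
 switchport mode access
 spanning-tree portfast
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/10
 switchport trunk allowed vlan 164,165,179
 switchport mode trunk
!
"""

# Baseline assumed from the edge-port stanzas in this guide:
# (command, must match the whole line?, finding when absent)
ACCESS_REQUIRED = [
    ("switchport port-security", True, "port security not enabled"),
    ("spanning-tree bpduguard enable", True, "BPDU guard missing"),
    ("ip dhcp snooping limit rate", False, "no DHCP snooping rate limit"),
    ("ip arp inspection limit rate", False, "no ARP inspection rate limit"),
    ("ip verify source", False, "IP source guard missing"),
]
TRUST_COMMANDS = ("ip dhcp snooping trust", "ip arp inspection trust")

def parse_interfaces(config_text):
    """Return {interface name: [stripped lines]}; a '!' line closes a stanza."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line == "!":
            current = None
        elif line and current is not None:  # blank lines do not end a stanza
            stanzas[current].append(line)
    return stanzas

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '100-101,115' into a set of ints."""
    vlans = set()
    for part in filter(None, spec.split(",")):
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans

def audit(config_text):
    """Return {interface: [findings]} for ports that deviate from the baseline."""
    report = {}
    for name, lines in parse_interfaces(config_text).items():
        findings = []
        if "switchport mode access" in lines:
            for cmd, exact, finding in ACCESS_REQUIRED:
                found = cmd in lines if exact else any(ln.startswith(cmd) for ln in lines)
                if not found:
                    findings.append(finding)
            findings += [f"access port is trusted: {t}" for t in TRUST_COMMANDS if t in lines]
        elif "switchport mode trunk" in lines:
            native = allowed = None
            for line in lines:
                m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
                if m:
                    native = int(m.group(1))
                m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)
                if m:
                    allowed = expand_vlans(m.group(1))
            if native is None:
                findings.append("trunk has no dedicated native VLAN (defaults to VLAN 1)")
            if allowed is None:
                findings.append("trunk has no explicit allowed-VLAN list")
            elif native in allowed:
                findings.append(f"native VLAN {native} is carried on the trunk")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```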

    Distribution Layer Configurations

    Catalyst 3750X-12S Switch

    version 12.2

    no service pad

    service timestamps debug datetime msec localtime

    service timestamps log datetime msec localtime

    service password-encryption

    !

    hostname D3750X

    !

    boot-start-marker

    boot-end-marker

    !

    enable secret 5 ********

    !

    username admin password 7 ********

    !

    macro name EgressQoS

    mls qos trust dscp

    queue-set 2

    srr-queue bandwidth share 1 30 35 5

    priority-queue out

    @

    !

    aaa new-model

    !

    !

    aaa authentication login default group tacacs+ local

    aaa authorization console

    aaa authorization exec default group tacacs+ local

    !

    !

    !

    aaa session-id common

    clock timezone PST -8

    clock summer-time PDT recurring

    switch 1 provision ws-c3750x-12s

    switch 2 provision ws-c3750x-12s

    switch 3 provision ws-c3750x-12s

    stack-mac persistent timer 0

    system mtu routing 1500

    vtp mode transparent

    udld enable

    ip routing

    ip domain-name cisco.local

    !

    !

    ip multicast-routing distributed

    !

    mls qos map policed-dscp 0 10 18 to 8

    mls qos map cos-dscp 0 8 16 24 32 46 48 56

    mls qos srr-queue input bandwidth 70 30

    mls qos srr-queue input threshold 1 80 90

    mls qos srr-queue input priority-queue 2 bandwidth 30

    mls qos srr-queue input cos-map queue 1 threshold 2 3

    mls qos srr-queue input cos-map queue 1 threshold 3 6 7

    mls qos srr-queue input cos-map queue 2 threshold 1 4

    mls qos srr-queue input dscp-map queue 1 threshold 2 24

    mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55

    mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63

    mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45

    mls qos srr-queue input dscp-map queue 2 threshold 3 46 47

    mls qos srr-queue output cos-map queue 1 threshold 3 4 5

    mls qos srr-queue output cos-map queue 2 threshold 1 2

    mls qos srr-queue output cos-map queue 2 threshold 2 3

    mls qos srr-queue output cos-map queue 2 threshold 3 6 7

    mls qos srr-queue output cos-map queue 3 threshold 3 0

    mls qos srr-queue output cos-map queue 4 threshold 3 1

    mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45

    mls qos srr-queue output dscp-map queue 1 threshold 3 46 47

    mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

    mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35

    mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39

    mls qos srr-queue output dscp-map queue 2 threshold 2 24

    mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

    mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

    mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7

    mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15

    mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

    mls qos queue-set output 1 threshold 1 100 100 50 200

    mls qos queue-set output 1 threshold 2 125 125 100 400

    mls qos queue-set output 1 threshold 3 100 100 100 400

    mls qos queue-set output 1 threshold 4 60 150 50 200

    mls qos queue-set output 1 buffers 15 25 40 20

    mls qos

    !

    crypto pki trustpoint TP-self-signed-3390787840

    enrollment selfsigned

    subject-name cn=IOS-Self-Signed-Certificate-3390787840

    revocation-check none

    rsakeypair TP-self-signed-3390787840

    !

    !

    crypto pki certificate chain TP-self-signed-3390787840

    certificate self-signed 01

    quit

    auto qos srnd4

    !

    !

    !

    port-channel load-balance src-dst-ip

    !

    spanning-tree mode rapid-pvst

    spanning-tree extend system-id

    spanning-tree vlan 180-195 priority 24576

    !

    vlan internal allocation policy ascending

    !

    vlan 180

    name A2960Sdata

    !

    vlan 181

    name A2960Svoice

    !

    vlan 182-194

    !

    vlan 195

    name antiVLANhopping

    !

    vlan 999

    name MgmtVLAN

    !

    ip ssh source-interface Loopback1

    ip ssh version 2

    !

    !

    !

    interface Loopback1

    ip address 10.4.95.254 255.255.255.255

    ip pim sparse-mode

    !

    interface Port-channel1

    description A2960S Po 1

    switchport trunk encapsulation dot1q

    switchport trunk native vlan 999

    switchport trunk allowed vlan 180,181,195

    switchport mode trunk

    logging event trunk-status

    logging event bundle-status

    !

    interface Port-channel3

    !

    interface Port-channel31

    description C6509-L Po 31

    no switchport

    ip address 10.4.40.14 255.255.255.252

    ip pim sparse-mode

    ip summary-address eigrp 100 10.4.176.0 255.255.240.0

    !

    interface Port-channel36

    description C6509-R Po 36

    no switchport

    ip address 10.4.40.26 255.255.255.252

    ip pim sparse-mode

    ip summary-address eigrp 100 10.4.176.0 255.255.240.0

    !

    interface GigabitEthernet1/0/1

    description A2960S Gig 2/0/25

    switchport trunk encapsulation dot1q

    switchport trunk native vlan 999

    switchport trunk allowed vlan 180,181,195

    switchport mode trunk

    logging event trunk-status

    logging event bundle-status

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    !

    interface GigabitEthernet1/0/2

    !

    interface GigabitEthernet1/0/3

    channel-protocol lacp

    channel-group 3 mode active

    !

    interface GigabitEthernet1/0/4

    !

    interface GigabitEthernet1/0/5

    description link to EW3750G test switch

    switchport trunk encapsulation dot1q

    switchport trunk allowed vlan 182,183,195

    switchport mode trunk

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    !

    interface GigabitEthernet1/0/6

    description link to EW3750E test switch

    switchport trunk encapsulation dot1q

    switchport trunk allowed vlan 184,185,195

    switchport mode trunk

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    !

    interface GigabitEthernet1/0/7

    !

    interface GigabitEthernet1/0/8

    !

    interface GigabitEthernet1/0/9

    !

    interface GigabitEthernet1/0/10

    !

    interface GigabitEthernet1/0/11

    !

    interface GigabitEthernet1/0/12

    !

    interface GigabitEthernet1/1/1

    description C6509-L Gig 1/1

    no switchport

    no ip address

    logging event link-status

    logging event trunk-status

    logging event bundle-status

    carrier-delay msec 0

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-group 31 mode active

    !

    interface GigabitEthernet1/1/2

    description C6509-R Gig 1/2

    no switchport

    no ip address

    logging event link-status

    logging event trunk-status

    logging event bundle-status

    carrier-delay msec 0

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-group 36 mode active

    !

    interface GigabitEthernet1/1/3

    !

    interface GigabitEthernet1/1/4

    !

    interface TenGigabitEthernet1/1/1

    !

    interface TenGigabitEthernet1/1/2

    !

    interface GigabitEthernet2/0/1

    !

    interface GigabitEthernet2/0/2

    !

    interface GigabitEthernet2/0/3

    channel-protocol lacp

    channel-group 3 mode active

    !

    interface GigabitEthernet2/0/4

    !

    interface GigabitEthernet2/0/5

    !

    interface GigabitEthernet2/0/6

    !

    interface GigabitEthernet2/0/7

    !

    interface GigabitEthernet2/0/8

    !

    interface GigabitEthernet2/0/9

    !

    interface GigabitEthernet2/0/10

    !

    interface GigabitEthernet2/0/11

    !

    interface GigabitEthernet2/0/12

    !

    interface GigabitEthernet3/0/1

    switchport trunk encapsulation dot1q

    switchport trunk native vlan 999

    switchport trunk allowed vlan 180,181,195

    switchport mode trunk

    logging event trunk-status

    logging event bundle-status

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    !

    interface GigabitEthernet3/0/2

    !

    interface GigabitEthernet3/0/3

    !

    interface GigabitEthernet3/0/4

    !

    interface GigabitEthernet3/0/5

    !

    interface GigabitEthernet3/0/6

    !

    interface GigabitEthernet3/0/7

    !

    interface GigabitEthernet3/0/8

    !

    interface GigabitEthernet3/0/9

    !

    interface GigabitEthernet3/0/10

    !

    interface GigabitEthernet3/0/11

    !

    interface GigabitEthernet3/0/12

    !

    interface GigabitEthernet3/1/1

    description C6509-L Gig 1/2

    no switchport

    no ip address

    logging event link-status

    logging event trunk-status

    logging event bundle-status

    carrier-delay msec 0

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-group 31 mode active

    !

    interface GigabitEthernet3/1/2

    description C6509-R Gig 1/1

    no switchport

    no ip address

    logging event link-status

    logging event trunk-status

    logging event bundle-status

    carrier-delay msec 0

    srr-queue bandwidth share 1 30 35 5

    queue-set 2

    priority-queue out

    mls qos trust dscp

    macro description EgressQoS

    channel-group 36 mode active

    !

    interface GigabitEthernet3/1/3

    !

    interface GigabitEthernet3/1/4

    !

    interface TenGigabitEthernet3/1/1

    !

    interface TenGigabitEthernet3/1/2

    !

    interface Vlan1

    no ip address

    shutdown

    !

    interface Vlan180

    ip address 10.4.80.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan181

    ip address 10.4.81.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan182

    ip address 10.4.82.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan183

    ip address 10.4.83.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan184

    ip address 10.4.84.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan185

    ip address 10.4.85.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan186

    ip address 10.4.86.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan187

    ip address 10.4.87.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan188

    ip address 10.4.88.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan189

    ip address 10.4.89.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan190

    ip address 10.4.90.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan191

    ip address 10.4.91.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan192

    ip address 10.4.92.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan193

    ip address 10.4.93.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan194

    ip address 10.4.94.1 255.255.255.0

    ip helper-address 10.4.48.10

    !

    interface Vlan195

    ip address 10.4.95.1 255.255.255.128

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    !

    router eigrp 100

    network 10.4.0.0 0.0.255.255

    passive-interface default

    no passive-interface Port-channel31

    no passive-interface Port-channel36

    eigrp router-id 10.4.95.254

    nsf

    !

    ip classless

    no ip http server

    ip http authentication aaa

    ip http secure-server

    !

    ip pim rp-address 10.4.40.252 10

    !

    ip sla enable reaction-alerts

    access-list 10 permit 239.1.0.0 0.0.255.255

    !

    snmp-server community ******** RO

    snmp-server community ******** RW

    snmp-server trap-source Loopback1

    tacacs-server host 10.4.48.15 key 7 113A1C0605171F270133

    tacacs-server directed-request

    !

    !

    line con 0

    line vty 0 4

    exec-timeout 0 0

    transport input ssh

    line vty 5 15

    exec-timeout 0 0

    transport input ssh

    !

    ntp clock-period 36029291

    ntp server 10.4.48.17

    end

    Catalyst 4507R+E Switch

    version 15.0

    no service pad

    service timestamps debug datetime msec localtime

    service timestamps log datetime msec localtime

    service password-encryption

    service compress-config

    !

    hostname D4507R

    !

    boot-start-marker

    boot system bootflash:cat4500e-universalk9.SPA.03.01.00.SG.150-1.XO.bin

    license boot level entservices

    boot-end-marker

    !

    logging event link-status global

    enable secret 5 ********

    !

    username admin password 7 ********

    !

    macro name EgressQoS

    service-policy output 1P7Q1T

    @

    !

    aaa new-model

    !

    !

    aaa authentication login default group tacacs+ local

    aaa authorization console

    aaa authorization exec default group tacacs+ local

    !

    !

    !

    aaa session-id common

    clock timezone PST -8

    clock summer-time PDT recurring

    udld enable

    ip subnet-zero

    ip domain-name cisco.local

    ip vrf Mgmt-vrf

    !

    ip multicast-routing

    !

    !

    vtp mode transparent

    !

    crypto pki trustpoint TP-self-signed-142689

    enrollment selfsigned

    subject-name cn=IOS-Self-Signed-Certificate-142689

    revocation-check none

    rsakeypair TP-self-signed-142689

    !

    !

    crypto pki certificate chain TP-self-signed-142689

    certificate self-signed 01

    quit

    !

    power redundancy-mode redundant

    !

    !

    !

    !

    spanning-tree mode rapid-pvst

    spanning-tree extend system-id

    spanning-tree vlan 164-179,902 priority 24576

    !

    redundancy

    mode sso

    !

    vlan internal allocation policy ascending

    !

    vlan 164

    name A3750Xdata

    !

    vlan 165

    name A3750Xvoice

    !

    vlan 179

    name MgmtVLAN

    !

    vlan 999

    name antiVLANhopping

    !

    ip ssh source-interface Loopback1

    ip ssh version 2

    !

    class-map match-any MULTIMEDIA-STREAMING-QUEUE

    match dscp af31 af32 af33

    class-map match-any CONTROL-MGMT-QUEUE

    match dscp cs7

    match dscp cs6

    match dscp cs3

    match dscp cs2

    class-map match-any TRANSACTIONAL-DATA-QUEUE

    match dscp af21 af22 af23

    class-map match-any SCAVENGER-QUEUE

    match dscp cs1

    class-map match-any MULTIMEDIA-CONFERENCING-QUEUE

    match dscp af41 af42 af43

    class-map match-any BULK-DATA-QUEUE

    match dscp af11 af12 af13

    class-map match-any PRIORITY-QUEUE

    match dscp ef

    match dscp cs5

    match dscp cs4

    !

    policy-map 1P7Q1T

    class PRIORITY-QUEUE

    priority

    class CONTROL-MGMT-QUEUE

    bandwidth remaining percent 10

    class MULTIMEDIA-CONFERENCING-QUEUE

    bandwidth remaining percent 10

    class MULTIMEDIA-STREAMING-QUEUE

    bandwidth remaining percent 10

    class TRANSACTIONAL-DATA-QUEUE

    bandwidth remaining percent 10

    dbl

    class BULK-DATA-QUEUE

    bandwidth remaining percent 4

    dbl

    class SCAVENGER-QUEUE

    bandwidth remaining percent 1

    class class-default

    bandwidth remaining percent 25

    dbl

    !

    !

    !

    interface Loopback1

    ip address 10.4.79.254 255.255.255.255

    ip pim sparse-mode

    !

    interface Port-channel1

    switchport

    switchport trunk native vlan 999

    switchport trunk allowed vlan 164,165,179

    switchport mode trunk

    !

    interface FastEthernet1

    ip vrf forwarding Mgmt-vrf

    no ip address

    shutdown

    speed auto

    duplex auto

    !

    interface TenGigabitEthernet1/1

    !

    interface TenGigabitEthernet1/2

    switchport trunk native vlan 999

    switchport trunk allowed vlan 164,165,179

    switchport mode trunk

    logging event link-status

    logging event trunk-status

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    service-policy output 1P7Q1T

    !

    interface TenGigabitEthernet1/3

    !

    interface TenGigabitEthernet1/4

    !

    interface TenGigabitEthernet1/5

    !

    interface TenGigabitEthernet1/6

    !

    interface TenGigabitEthernet1/7

    !

    interface TenGigabitEthernet1/8

    !

    interface TenGigabitEthernet1/9

    !

    interface TenGigabitEthernet1/10

    !

    interface TenGigabitEthernet1/11

    !

    interface TenGigabitEthernet1/12

    no switchport

    ip address 10.4.40.30 255.255.255.252

    ip pim sparse-mode

    ip summary-address eigrp 100 10.4.64.0 255.255.240.0

    carrier-delay msec 0

    macro description EgressQoS

    service-policy output 1P7Q1T

    !

    interface TenGigabitEthernet2/1

    !

    interface TenGigabitEthernet2/2

    switchport trunk native vlan 999

    switchport trunk allowed vlan 164,165,179

    switchport mode trunk

    logging event link-status

    logging event trunk-status

    macro description EgressQoS

    channel-protocol lacp

    channel-group 1 mode active

    service-policy output 1P7Q1T

    !

    interface TenGigabitEthernet2/3

    !

    interface TenGigabitEthernet2/4

    !

    interface TenGigabitEthernet2/5

    !

    interface TenGigabitEthernet2/6

    !

    interface TenGigabitEthernet2/7

    !

    interface TenGigabitEthernet2/8

    !

    interface TenGigabitEthernet2/9

    !

    interface TenGigabitEthernet2/10

    !

    interface TenGigabitEthernet2/11

    !

    interface TenGigabitEthernet2/12

    no switchport

    ip address 10.4.40.18 255.255.255.252

    ip pim sparse-mode

    ip summary-address eigrp 100 10.4.64.0 255.255.240.0

    carrier-delay msec 0

    macro description EgressQoS

    service-policy output 1P7Q1T

    !

    interface TenGigabitEthernet3/1

    !

    interface TenGigabitEthernet3/2

    !

    interface TenGigabitEthernet3/3

    !

    interface TenGigabitEthernet3/4

    !

    interface Vlan1

    no ip address

    !

    interface Vlan164

    ip address 10.4.64.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan165

    ip address 10.4.65.1 255.255.255.0

    ip helper-address 10.4.48.10

    ip pim sparse-mode

    !

    interface Vlan179

    ip address 10.4.79.1 255.255.255.128

    !

    router eigrp 100

    network 10.4.0.0 0.0.255.255

    passive-interface default

    no passive-interface TenGigabitEthernet1/12

    no passive-interface TenGigabitEthernet2/12

    eigrp router-id 10.4.79.254

    nsf

    !

    no ip http server

    ip http authentication aaa

    ip http secure-server

    !

    ip pim rp-address 10.4.40.252 10

    !

    !

    access-list 10 permit 239.1.0.0 0.0.255.255

    !

    snmp-server community ******** RO

    snmp-server community ******** RW

    snmp-server trap-source Loopback1

    !

    tacacs-server host 10.4.48.15 key 7 06350A225E4B1D32000E

    tacacs-server directed-request

    !

    line con 0

    exec-timeout 30 0

    stopbits 1

    line vty 0 4

    transport input ssh

    line vty 5 15

    transport input ssh

    line vty 16

    !

    !

    monitor session 1 filter packet-type good rx

    ntp clock-period 17202641

    ntp update-calendar

    ntp server 10.4.48.17

    end

    Catalyst Virtual Switching System 4T

    upgrade fpd auto

    version 12.2

    service timestamps debug datetime msec localtime

    service timestamps log datetime msec localtime

    service password-encryption

    service counters max age 5

    !

    hostname D6500VSS

    !

    boot-start-marker

    boot-end-marker

    !

    security passwords min-length 1

    logging buffered 8192

    enable secret 5 ********

    !

    username admin password 7 ********

    aaa new-model

    !

    !

    aaa authentication login default group tacacs+ local

    aaa authorization console

    aaa authorization exec default group tacacs+ local

    !

    !

    !

    aaa session-id common

    clock timezone PST -8

    clock summer-time PDT recurring

    !

    !

    !

    ip multicast-routing

    ip ssh source-interface Loopback1

    ip ssh version 2

    ip domain-name cisco.local

    udld enable

    vtp mode transparent

    !

    switch virtual domain 100

    switch mode virtual

    mac-address use-virtual

    !

    mls netflow interface

    table-map cos-discard-class-map

    map from 0 to 0

    map from 1 to 8

    map from 2 to 16

    map from 3 to 24

    map from 4 to 32

    map from 5 to 46

    map from 6 to 48

    map from 7 to 56

    !

    mls cef error action reset

    !

    crypto pki trustpoint TP-self-signed-1225

    enrollment selfsigned

    subject-name cn=IOS-Self-Signed-Certificate-1225

    revocation-check none

    rsakeypair TP-self-signed-1225

    !

    ! Class maps for 1P7Q4T 10Gb ports service policy

    class-map type lan-queu match-any PRIORITY-QUEUE

    match dscp ef

    match dscp cs5

    match dscp cs4

    class-map type lan-queu match-any CONTROL-MGMT-QUEUE

    match dscp cs7

    match dscp cs6

    match dscp cs3

    match dscp cs2

    class-map type lan-queu match-any MULTIMEDIA-CONFERENCING-QUEUE

    match dscp af41 af42 af43

    class-map type lan-queu match-any MULTIMEDIA-STREAMING-QUEUE

    match dscp af31 af32 af33

    class-map type lan-queu match-any TRANSACTIONAL-DATA-QUEUE

    match dscp af21 af22 af23

    class-map type lan-queu match-any BULK-DATA-QUEUE

    match dscp af11 af12 af13

    class-map type lan-queu match-any SCAVENGER-QUEUE

    match dscp cs1

    !

    policy-map type lan-queuing 1P7Q4T

    class PRIORITY-QUEUE

    priority

    queue-limit percent 15

    class CONTROL-MGMT-QUEUE

    bandwidth remaining percent 10

    queue-limit percent 10

    random-detect dscp-based

    random-detect dscp 16 percent 60 70

    random-detect dscp-based

    random-detect dscp 24 percent 70 80

    random-detect dscp-based

    random-detect dscp 48 percent 80 90

    random-detect dscp-based

    random-detect dscp 56 percent 90 100

    class MULTIMEDIA-CONFERENCING-QUEUE

    bandwidth remaining percent 10

    queue-limit percent 10

    random-detect dscp-based

    random-detect dscp 38 percent 70 80

    random-detect dscp-based

    random-detect dscp 36 percent 80 90

    random-detect dscp-based

    random-detect dscp 34 percent 90 100

    class MULTIMEDIA-STREAMING-QUEUE

    bandwidth remaining percent 10

    queue-limit percent 10

    random-detect dscp-based

    random-detect dscp 30 percent 70 80

    random-detect dscp-based

    random-detect dscp 28 percent 80 90

    random-detect dscp-based

    random-detect dscp 26 percent 90 100

    class TRANSACTIONAL-DATA-QUEUE

    bandwidth remaining percent 10

    queue-limit percent 10

    random-detect dscp-based

    random-detect dscp 22 percent 70 80

    random-detect dscp-based

    random-detect dscp 20 percent 80 90

    random-detect dscp-based

    random-detect dscp 18 percent 90 100

    class BULK-DATA-QUEUE

    bandwidth remaining percent 4

    queue-limit percent 10

    random-detect dscp-based

    random-detect dscp 14 percent 70 80

    random-detect dscp-based

    random-detect dscp 12 percent 80 90

    random-detect dscp-based

    random-detect dscp 10 percent 90 100

    class class-default

    bandwidth remaining percent 25

    queue-limit percent 25

    random-detect dscp-based

    random-detect dscp 0 percent 80 100

    class SCAVENGER-QUEUE

    bandwidth remaining percent 1

    queue-limit percent 10

    random-detect dscp-based

    random-detect dscp 8 percent 80 100

    !

    ! Class maps for 1P3Q8T 1Gb ports service policy

    class-map type lan-queu match-any PRIORITY-QUEUE-GIG

    match cos 5 4

    class-map type lan-queu match-any CONTROL-AND-STREAM-MEDIA

    match cos 7 6 3 2

    class-map type lan-queu match-any BULK-DATA-SCAVENGER

    match cos 1

    !

    policy-map type lan-queuing 1P3Q8T

    class PRIORITY-QUEUE-GIG

    priority

    queue-limit percent 15

    class CONTROL-AND-STREAM-MEDIA

    bandwidth remaining 40

    queue-limit percent 40

    random-detect cos-based

    random-detect cos 2 percent 60 70

    random-detect cos-based

    random-detect cos 3 percent 70 80

    random-detect cos-based

    random-detect cos 6 percent 80 90

    random-detect cos-based

    random-detect cos 7 percent 90 100

    class class-default

    bandwidth remaining 25

    queue-limit percent 25

    random-detect cos-based

    random-detect cos 0 percent 80 100

    class BULK-DATA-SCAVENGER

    bandwidth remaining 5

    queue-limit percent 20

    random-detect cos-based

    random-detect cos 1 percent 80 100

    !

    macro name EgressQoSTenGig

    service-policy type lan-queuing output 1P7Q4T

    @

    !

    macro name EgressQoSGig

    service-policy type lan-queuing output 1P3Q8T

    @

    !

    !

    !

    spanning-tree mode rapid-pvst

    spanning-tree vlan 100-107,900-901 priority 8192

    diagnostic bootup level minimal

    access-list 10 permit 239.1.0.0 0.0.255.255

    !

    redundancy

    main-cpu

    auto-sync running-config

    mode sso

    !

    vlan internal allocation policy ascending

    vlan access-log ratelimit 2000

    !

    vlan 100

    name A4500data

    !

    vlan 101

    name A4500voice

    !

    vlan 102

    name vlan102

    !

    vlan 103

    name vlan103

    !

    vlan 104

    name vlan104

    !

    vlan 105

    name vlan105

    !

    vlan 106

    name vlan106

    !

    vlan 107

    name vlan107

    !

    vlan 115

    name MgmtVLAN

    !

    vlan 999

    name antiVLANhopping

    !

    !

    !

    interface Loopback1

    ip address 10.4.15.254 255.255.255.255

    ip pim sparse-mode

    !

    interface Port-channel1

    switchport

    switchport trunk encapsulation dot1q

    switchport trunk native vlan 999

    switchport trunk allowed vlan 100,101,115

    switchport mode trunk

    !

    interface Port-channel30

    no switchport

    ip address 10.4.40.10 255.255.255.252

    ip pim sparse-mode

    ip summary-address eigrp 100 10.4.0.0 255.255.240.0

    !

    interface Port-channel35

    no switchport

    ip address 10.4.40.22 255.255.255.252

    ip pim sparse-mode

    ip summary-address eigrp 100 10.4.0.0 255.255.240.0

    !

    interface Port-channel101

    no switchport

    no ip address

    switch virtual link 1

    no mls qos channel-consistency

    !

    interface Port-channel102

    no switchport

    no ip address

    switch virtual link 2

    no mls qos channel-consistency

    !

    interface GigabitEthernet1/1/1

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/2

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/3

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/4

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/5

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/6

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/7

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/8

    no switchport

    no ip address

    dual-active fast-hello

    !

    interface GigabitEthernet1/1/9

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/10

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/11

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/12

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/13

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/14

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/15

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/16

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/17

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/18

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/19

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/20

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/21

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/22

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/23

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/24

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/25

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/26

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/27

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/28

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/29

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/30

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/31

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/32

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/33

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/34

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/35

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/36

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/37

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/38

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/39

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/40

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/41

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/42

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/43

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/44

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/45

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/46

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/47

    no switchport

    no ip address

    shutdown

    !

    interface GigabitEthernet1/1/48

    no switchport

    no ip address

    shutdown

    !

    interface TenGigabitEthernet1/4/1

    no switchport

    no ip address

    logging event link-status

    logging event bundle-status

    macro description EgressQoSTenGig

    service-policy type lan-queuing output 1P7Q4T

    channel-protocol lacp

    channel-group 35 mode active

    !

    interface TenGigabitEthernet1/4/2

    no switchport

    no ip address

    macro description EgressQoSTenGig

    service-policy type lan-queuing output 1P7Q4T

    shutdown

    !

    interface TenGigabitEthernet1/4/3

    no switchport

    no ip address

    macro description EgressQoSTenGig

    service-policy type lan-queuing output 1P7Q4T

    shutdown

    !

    interface TenGigabitEthernet1/4/4

    no switchp